package com.bjpowernode;


import java.io.IOException;
import java.io.InputStream;
import java.sql.*;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.Scanner;

/**
 * @author LittleDesire
 * @description
 * @date 2022-03-01 周二 16:29
 * @since 17
 */
public class 模拟用户登录_有sql注入 {
    public static void main(String[] args) {
        String sql = "select * from t_user where loginNname = '' and loginPwd = 'asd' or '1' = '1'";
/*
    SQL注入
        请输入用户名：
        asd
        请输入密码：
        asd' or '1' = '1
        登录成功


        解决 调用预编译方法
        pstmt = conn.prepareStatement("select * from t_user where loginName = '" + loginName + "' and loginPwd = '" + loginPwd + "'");
*/
        //1. 初始化界面
        Map<String, String> loginInfoMessage = initUI();
        //2. 用户登录
        boolean message = login(loginInfoMessage);
        //3. 展示登陆结果
        loginResult(message);
    }

    /**
     * 返回登录信息
     *
     * @param loginResult 登录标记
     */
    private static void loginResult(boolean loginResult) {
        if (loginResult) {
            System.out.println("登录成功");
        } else {
            System.out.println("登录失败");
        }
    }

    /**
     * 用户登录操作
     *
     * @param loginInfo Map<用户名, 密码>
     * @return 登陆标记 true 登陆成功 false 登陆失败
     */
    private static boolean login(Map<String, String> loginInfo) {
        String loginName = loginInfo.get("loginName");
        String loginPwd = loginInfo.get("loginPwd");
        boolean result = false;
        InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("jdbc.properties");
        Properties prop = new Properties();
        try {
            prop.load(is);
            String driver = prop.getProperty("jdbc.driver");
            String url = prop.getProperty("jdbc.url");
            String username = prop.getProperty("jdbc.username");
            String password = prop.getProperty("jdbc.password");
            Class.forName(driver);
            Connection conn = DriverManager.getConnection(url, username, password);
            Statement stmt = conn.createStatement();
            String sql = "select * from t_user where loginName = '" + loginName + "' and loginPwd = '" + loginPwd + "'";
            ResultSet rs = stmt.executeQuery(sql);
            if (rs.next()) {
                result = true;
            }
        } catch (IOException | ClassNotFoundException | SQLException e) {
            e.printStackTrace();
        }
        return result;
    }

    /**
     * 初始化界面，
     *
     * @return 用户登录信息
     */
    private static Map<String, String> initUI() {
        Scanner sc = new Scanner(System.in);
        System.out.println("请输入用户名：");
        String loginName = sc.nextLine();

        System.out.println("请输入密码：");
        String loginPwd = sc.nextLine();

        HashMap<String, String> map = new HashMap<>();
        map.put("loginName", loginName);
        map.put("loginPwd", loginPwd);
        return map;
    }
}
